Hello everyone. Today we are going to discuss AWS Identity and Access Management, also called IAM. I am Mr. Venkatesh Binghi, working as assistant professor in the CSA department of WIT, Swalapur. After going through this video session, you will be able to create users as well as groups using AWS IAM.

So before we start, what exactly is IAM? AWS Identity and Access Management enables you to manage access to AWS services and secure your resources. This is one of the important points of IAM: by using it, you can secure your account as well as the services. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. Again, this is one of the important features of IAM. IAM is a feature of your AWS account offered at no additional charge. You will be charged only for the use of other AWS services by your users.

Before starting to create IAM users, I want to explain the best practices of IAM. To help secure your AWS resources, follow these recommendations for the AWS Identity and Access Management service.

The first one is: lock away your AWS account root user access keys. See, the root user is one of the most important users of any system or any device. So you need to lock it away by using access keys. The access keys feature is provided by AWS.

The second important thing: create individual IAM users. Every IAM user should be different from the others. Suppose there is a project where people are working in a group; each IAM user should have a unique user ID.

Use groups to assign permissions to IAM users. The way we can create users, we can create groups. Policies which are applied to a particular group will be applied to the users who belong to that group. By using the AWS IAM feature, you can add users to a particular group.

Grant least privilege: allow only the privileges which are required for the user or groups. Grant minimum privileges so that the work will be done and the work will not be stopped.
Get started using permissions with AWS managed policies. Now when it comes to permissions, you manage AWS managed policies. Use customer managed policies instead of inline policies. Use access levels to review IAM permissions. Configure a strong password policy for your users. This is very common. It is similar to other systems also. Enable MFA for privileged users. Suppose the user is very privileged. Then you enable the multi-factor authentication technique.

Use roles for applications that run on Amazon EC2 instances. Now the way we can create users and groups, you can also create roles for a particular application. Inside that role you can assign users. Use roles to delegate permissions. Do not share access keys. Rotate credentials regularly. Remove unnecessary credentials. Even if you assign credentials without your knowledge, you can remove them even after assigning them. Use policy conditions for extra security. Monitor activity in your AWS account. So your AWS account has to be monitored.

So, get started with Amazon IAM. In order to start with that, start with this: the Amazon AWS console. Sign in to the console. Enter the password. Go to IAM. Now we will create groups. Now you can see the window: IAM resources. Users one, group one, roles three. You can create one more user. Click on add user and key.

Now when you are creating users, there are two access types. One is programmatic access. One is AWS Management Console access. Programmatic access enables an access key ID and secret access key for the AWS API, CLI, SDK and other development tools. And the second option enables a password that allows the user to sign in to the AWS Management Console. I want to assign programmatic access.

So next, permissions. Here there is an existing group, the EC2 group. You can assign the user to that group. Otherwise you can create your own group according to your requirement. Next, tags. This is an optional part. Next, review. Create user. CSV. Now you can see here that you successfully created the user shown below.
You can view and download the user security credentials. You can also email users instructions for signing in to the AWS Management Console. So this is the credential CSV file, which I can open. Now here you can see the path: user name, access key, secret access key, console login. And after that, users with AWS Management Console access can sign in with this. The secret access key is given here. Here you can copy this secret access key. Here it is already there. Again, if you want to do that, you can do this. So this is how you can create groups. Close this.

Now the user is already created. Now admin one was previously created. I give this just now it is created. Now you can see the user is created. And in its permissions you can see it has the permission of AmazonEC2FullAccess, which it has got from the EC2 group. This is how you create users.

You can also create groups. When you want to create a group, you click on create group. You assign the group name: EC2, EC2 group, next. And from this, you choose what policy name you want to apply in that group. Whether you want to give full access to EC2, this is one possibility. And whether any other, according to your type of application. Connect full access ticket. Those things you select, and next step, create group. Now the EC2 group is also created. Now you can see you can create one more group. Users this Ankit groups. You can add this user to another group also. This EC2 group. Now this user is added into two different groups. The same way, you can create policies. You can create roles; that we will discuss in the next session.

So this is how we can create users using IAM. You can create groups using IAM to decide the privileges to the account as well as the web service.

Now pause this video for some time and answer this question: what is the role of IAM? Pause this video and answer the question. The answer is: the main role is to ensure that the proper people in an enterprise have the appropriate access to technology resources.
These are some of the references. I hope you understood. Thank you.
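
Several of the best practices listed in the talk (no root access keys, MFA on console users, regular rotation, removing unused credentials) can be checked from the IAM credential report. The following is an added example, not part of the original session; the sample rows, the 90-day window and the function names are assumptions, and the MFA check is applied to every console user rather than only privileged ones.

```python
import csv
import io
from datetime import datetime, timezone, timedelta

# Constructed sample: a subset of the columns in an IAM credential report
# (aws iam get-credential-report); the users and dates are made up.
SAMPLE = """user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,not_supported,false,true,2019-01-10T09:00:00+00:00,2019-02-01T09:00:00+00:00
admin1,true,false,false,N/A,N/A
ankit,false,false,true,2020-01-05T10:00:00+00:00,N/A
dev2,true,true,true,2020-05-20T10:00:00+00:00,2020-05-30T10:00:00+00:00
"""

MAX_KEY_AGE = timedelta(days=90)  # assumed rotation window, not an AWS default


def parse_ts(value):
    """Report timestamps are ISO 8601; 'N/A' and 'no_information' mean none."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv, now):
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        key_active = row["access_key_1_active"] == "true"
        # Root always has a console password; the report shows 'not_supported'.
        has_console = is_root or row["password_enabled"] == "true"
        if is_root and key_active:
            findings.append((user, "root access key exists"))
        if has_console and row["mfa_active"] != "true":
            findings.append((user, "console access without MFA"))
        if key_active:
            rotated = parse_ts(row["access_key_1_last_rotated"])
            if rotated is None or now - rotated > MAX_KEY_AGE:
                findings.append((user, "access key not rotated in time"))
            if parse_ts(row["access_key_1_last_used_date"]) is None:
                findings.append((user, "access key never used"))
    return findings


if __name__ == "__main__":
    for user, issue in audit(SAMPLE, datetime(2020, 6, 1, tzinfo=timezone.utc)):
        print(f"{user}: {issue}")
```

A real report also carries `access_key_2_*` and certificate columns, which would need the same checks.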